Added new function:

sqgetGlobalVar($name, $value [, location] );
This function looks for a variable named $name.
If found, it sets the value into $value (in signature, is &$value) and
returns true. If the variable is not found, the function returns false.

The optional constant allows you to pick which location to
check for the variable in. If none is specified, it will check,
in this order, $_SESSION, $_POST, $_GET. These are defined constants
for use with this function:
 SQ_INORDER - same as specifying nothing, check all three.
 SQ_SESSION
 SQ_POST
 SQ_GET

    It is recommended that plugins, all functions use this instead of
    directly accessing $_SESSION/$_POST/$_GET arrays, as we have
    already taken care of scope (global, etc).

    The Administration plugin has been updated to use this function,
    as an example.

    This is an alternative to sqextractGlobalVar($name), which looks
    for a var named $name in the SESSION/GET/POST arrays, and creates
    a global variable if defined.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4368 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/functions/global.php b/functions/global.php
index be7cc55..ef63d5a 100644 (file)
--- a/functions/global.php
+++ b/functions/global.php
@@ -158,6 +158,58 @@ function sqsession_is_registered ($name) {
 }
 
 
+define('SQ_INORDER',0);
+define('SQ_GET',1);
+define('SQ_POST',2);
+define('SQ_SESSION',3);
+
+/**
+ * Search for the var $name in $_SESSION, $_POST, $_GET
+ * and set it in provided var. 
+ * If $search is not provided,  or == SQ_INORDER, it will search
+ * $_SESSION, then $_POST, then $_GET. Otherwise,
+ * use one of the defined constants to look for 
+ * a var in one place specifically.
+ * Returns FALSE if variable is not found.
+ * Returns TRUE if it is.
+ */
+function sqgetGlobalVar($name, &$value, $search = SQ_INORDER) {
+    if ( !check_php_version(4,1) ) {
+        global $_SESSION, $_GET, $_POST;
+    }
+    
+    switch ($search) {
+        /* we want the default case to be first here,  
+          so that if a valid value isn't specified, 
+          all three arrays will be searched. */
+        default:
+       case SQ_INORDER:
+       case SQ_SESSION:
+         if( isset($_SESSION[$name]) ) {
+            $value = $_SESSION[$name];
+           return TRUE;
+          } elseif ( $search == SQ_SESSION ) {
+           break;
+         }
+       case SQ_POST:
+         if( isset($_POST[$name]) ) {
+            $value = $_POST[$name];
+           return TRUE;
+         } elseif ( $search == SQ_POST ) {
+           break;
+         }
+               case SQ_GET:
+         if ( isset($_GET[$name]) ) {
+            $value = $_GET[$name];
+           return TRUE;
+         } elseif ( $search == SQ_GET ) {
+           break;
+         }
+    }
+    return FALSE;
+}
+
+ 
 /**
  *  Search for the var $name in $_SESSION, $_POST, $_GET
  *  (in that order) and register it as a global var.

diff --git a/plugins/administrator/auth.php b/plugins/administrator/auth.php
index 58350fa..f04aa69 100644 (file)
--- a/plugins/administrator/auth.php
+++ b/plugins/administrator/auth.php
@@ -11,8 +11,12 @@
 
 function adm_check_user() {
     global $PHP_SELF;
+    require_once(SM_PATH . 'functions/global.php');
     
-    $username = ( !isset($_SESSION['username']) ? '' : $_SESSION['username'] );
+    if ( !sqgetGlobalVar('username',$username,SQ_SESSION) ) {
+        $username = '';
+    }
+
     /* This needs to be first, for all non_options pages */
     if (strpos('options.php', $PHP_SELF)) {
         $auth = FALSE;

diff --git a/plugins/administrator/options.php b/plugins/administrator/options.php
index cf9cb62..cceb0b2 100644 (file)
--- a/plugins/administrator/options.php
+++ b/plugins/administrator/options.php
@@ -234,8 +234,8 @@ $colapse = array( 'Titles' => 'off',
                   'Group7' => getPref($data_dir, $username, 'adm_Group7', 'on' ),
                   'Group8' => getPref($data_dir, $username, 'adm_Group8', 'on' ) );
 
-if ( isset( $_GET['switch'] ) ) {
-    $switch = $_GET['switch'];
+/* look in $_GET array for 'switch' */
+if ( sqgetGlobalVar('switch', $switch, SQ_GET) ) {
     if ( $colapse[$switch] == 'on' ) {
        $colapse[$switch] = 'off';
     } else {
@@ -331,8 +331,9 @@ foreach ( $newcfg as $k => $v ) {
             echo "</td></tr>\n";
             break;
         case SMOPT_TYPE_INTEGER:
-            if ( isset( $HTTP_POST_VARS[$e] ) ) {
-                $v = intval( $HTTP_POST_VARS[$e] );
+           /* look for variable $e in POST, fill into $v */
+            if ( sqgetGlobalVar($e, $v, SQ_POST) ) {
+                $v = intval( $v );
                 $newcfg[$k] = $v;
             }
             echo "<tr><td>$name</td><td>".
@@ -343,8 +344,7 @@ foreach ( $newcfg as $k => $v ) {
             echo "</td></tr>\n";
             break;
         case SMOPT_TYPE_NUMLIST:
-            if ( isset( $HTTP_POST_VARS[$e] ) ) {
-                $v = $HTTP_POST_VARS[$e];
+            if (  sqgetGlobalVar($e, $v, SQ_POST) ) {
                 $newcfg[$k] = $v;
             }
             echo "<tr><td>$name</td><td>";
@@ -363,8 +363,8 @@ foreach ( $newcfg as $k => $v ) {
             echo "</td></tr>\n";
             break;
         case SMOPT_TYPE_STRLIST:
-            if ( isset( $HTTP_POST_VARS[$e] ) ) {
-                $v = '"' . $HTTP_POST_VARS[$e] . '"';
+            if (  sqgetGlobalVar($e, $v, SQ_POST) ) {
+                $v = '"' . $v . '"';
                 $newcfg[$k] = $v;
             }
             echo "<tr><td>$name</td><td>".
@@ -384,8 +384,8 @@ foreach ( $newcfg as $k => $v ) {
             break;
 
         case SMOPT_TYPE_TEXTAREA:
-            if ( isset( $HTTP_POST_VARS[$e] ) ) {
-                $v = '"' . $HTTP_POST_VARS[$e] . '"';
+            if (  sqgetGlobalVar($e, $v, SQ_POST) ) {
+                $v = '"' . $v . '"';
                 $newcfg[$k] = str_replace( "\n", '', $v );
             }
             echo "<tr><td valign=top>$name</td><td>".
@@ -396,8 +396,8 @@ foreach ( $newcfg as $k => $v ) {
             echo "</td></tr>\n";
             break;
         case SMOPT_TYPE_STRING:
-            if ( isset( $HTTP_POST_VARS[$e] ) ) {
-                $v = '"' . $HTTP_POST_VARS[$e] . '"';
+            if (  sqgetGlobalVar($e, $v, SQ_POST) ) {
+                $v = '"' . $v . '"';
                 $newcfg[$k] = $v;
             }
             if ( $v == '""' && isset( $defcfg[$k]['default'] ) ) {
@@ -412,8 +412,7 @@ foreach ( $newcfg as $k => $v ) {
             echo "</td></tr>\n";
             break;
         case SMOPT_TYPE_BOOLEAN:
-            if ( isset( $HTTP_POST_VARS[$e] ) ) {
-                $v = $HTTP_POST_VARS[$e];
+            if (  sqgetGlobalVar($e, $v, SQ_POST) ) {
                 $newcfg[$k] = $v;
             } else {
                 $v = strtoupper( $v );
@@ -434,8 +433,8 @@ foreach ( $newcfg as $k => $v ) {
             echo "</td></tr>\n";
             break;
        case SMOPT_TYPE_PATH:
-           if ( isset( $HTTP_POST_VARS[$e] ) ) {
-               $v = change_to_sm_path($HTTP_POST_VARS[$e]);
+            if (  sqgetGlobalVar($e, $v, SQ_POST) ) {
+               $v = change_to_sm_path($v);
                $newcfg[$k] = $v;
             }
             if ( $v == "''" && isset( $defcfg[$k]['default'] ) ) {
@@ -469,8 +468,8 @@ if ( $colapse['Group7'] == 'off' ) {
     while ( isset( $newcfg["\$theme[$i]['NAME']"] ) ) {
         $k1 = "\$theme[$i]['NAME']";
         $e1 = "theme_name_$i";
-        if ( isset( $HTTP_POST_VARS[$e1] ) ) {
-            $v1 = '"' . str_replace( '\"', '"', $HTTP_POST_VARS[$e1] ) . '"';
+        if (  sqgetGlobalVar($e, $v1, SQ_POST) ) {
+            $v1 = '"' . str_replace( '\"', '"', $v1 ) . '"';
             $v1 = '"' . str_replace( '"', '\"', $v1 ) . '"';
             $newcfg[$k1] = $v1;
         } else {
@@ -478,8 +477,8 @@ if ( $colapse['Group7'] == 'off' ) {
         }
         $k2 = "\$theme[$i]['PATH']";
         $e2 = "theme_path_$i";
-        if ( isset( $HTTP_POST_VARS[$e2] ) ) {
-            $v2 = change_to_sm_path($HTTP_POST_VARS[$e2]);
+        if (  sqgetGlobalVar($e, $v2, SQ_POST) ) {
+            $v2 = change_to_sm_path($v2);
            $newcfg[$k2] = $v2;
         } else {
             $v2 = $newcfg[$k2];
@@ -523,10 +522,9 @@ if( $colapse['Group8'] == 'off' ) {
 
       /* Lets get the plugins that are active */
       $plugins = array();
-      if ( isset( $HTTP_POST_VARS['plg'] ) ) {
+      if (  sqgetGlobalVar('plg', $v, SQ_POST) ) {
         foreach ( $op_plugin as $plg ) {
-            if ( isset( $HTTP_POST_VARS["plgs_$plg"] ) &&
-                 $HTTP_POST_VARS["plgs_$plg"] == 'on' ) {
+            if (  sqgetGlobalVar("plgs_$plg", $v, SQ_POST) && $v == 'on' ) {
                 $plugins[] = $plg;
             }
         }